A method for encryption in a wireless communication system includes encrypting, at a base station, data of a physical layer control channel using at least one of a control channel type, a radio resource aggregation level of the control channel, a radio resource index of the control channel, or a subcarrier frequency of the control channel; and transmitting the encrypted data to a user equipment (ue), where the ue is in a cell of the base station.
|
1. A method, comprising:
encrypting, by a base station, data of a physical layer control channel using at least one of a control channel type, a radio resource aggregation level of the control channel, a radio resource index of the control channel, or a subcarrier frequency of the control channel, wherein the data comprises at least a user identity identifying a user equipment (ue), and the encrypting the data of the physical layer control channel comprises generating an encrypted user identity;
scrambling a plurality of cyclic redundancy check (CRC) parity bits by using the encrypted user identity; and
transmitting the scrambled CRC to the ue, wherein the ue is in a cell of the base station.
19. A method, comprising:
receiving, by a user equipment (ue), data of a physical layer control channel, wherein the received data includes a scrambled cyclic redundancy check (CRC), the scrambled CRC is generated by scrambling a plurality of cyclic redundancy check (CRC) parity bits by using an encrypted user identity, and the encrypted user identity is generated by encrypting a user identity identifying the ue using at least one of a control channel type, a radio resource aggregation level of the control channel, a radio resource index of the control channel, or a subcarrier frequency of the control channel;
determining, at the ue, the encrypted user identity; and
determining a message payload of the control channel using the determined encrypted user identity.
9. A base station, comprising:
a memory; and
at least one hardware processor communicatively coupled with the memory and configured to:
encrypt data of a physical layer control channel using at least one of a control channel type, a radio resource aggregation level of the control channel, a radio resource index of the control channel, or a subcarrier frequency of the control channel, wherein the data comprises at least a user identity identifying a user equipment (ue), and the encrypting the data of the physical layer control channel comprises generating an encrypted user identity;
scramble a plurality of cyclic redundancy check (CRC) parity bits by using the encrypted user identity; and
transmit the scrambled CRC to the ue, wherein the ue is in a cell of the base station.
14. A tangible, non-transitory computer-readable medium containing instructions which, when executed, cause a base station to perform operations comprising:
encrypting data of a physical layer control channel using at least one of a control channel type, a radio resource aggregation level of the control channel, a radio resource index of the control channel, or a subcarrier frequency of the control channel, wherein the data comprises at least a user identity identifying a user equipment (ue), and the encrypting the data of the physical layer control channel comprises generating an encrypted user identity;
scrambling a plurality of cyclic redundancy check (CRC) parity bits by using the encrypted user identity; and
transmitting the scrambled CRC to the ue, wherein the ue is in a cell of the base station.
2. The method of
4. The method of
encrypting the data using at least one of a frame number or a subframe number.
5. The method of
encrypting the data using a reference parameter generated based on a frame number.
6. The method of
a message payload of the control channel.
8. The method of
wherein the plurality of CRC parity bits are generated based on the message payload of the control channel.
10. The base station of
11. The base station of
12. The base station of
a message payload of the control channel.
13. The base station of
wherein the plurality of CRC parity bits are generated based on the message payload of the control channel.
15. The tangible, non-transitory computer-readable medium of
16. The tangible, non-transitory computer-readable medium of
encrypting the data using at least one of a current time, a frame number, a subframe number, or a reference parameter generated based on a frame number.
17. The tangible, non-transitory computer-readable medium of
a message payload of the control channel.
18. The tangible, non-transitory computer-readable medium of
20. The method of
21. The method of
22. The method of
23. The method of
wherein the plurality of CRC parity bits are generated based on the message payload of the control channel.
|
This disclosure relates to encryption in wireless communication systems and, more specifically, to encryption on physical layer channels.
Security is an essential feature for communication systems involving wireless connections, because the over-the-air nature of wireless transmissions makes the communications more easily compromised. A malicious entity could attempt to receive user plane data (for example, voice or data files) intended for a third party as an eavesdrop. A malicious entity could also attempt to receive control plane data intended for a third party, as a way to spy on activities of the third party. These vulnerabilities can be generally solved by encrypting which prevents user plane and/or control plane data being sent in unencrypted plain text over the air and read by a malicious entity.
Like reference numbers and designations in the various drawings indicate like elements.
The present disclosure is directed to encryption in wireless communication systems. In wireless communication systems, a physical layer device identifier can be assigned to a user equipment (UE) to identify the UE on physical layer channels. For example, in 3rd Generation Partnership Project (3GPP) Long-Term Evolution (LTE), a radio network temporary identifier (RNTI) is an identifier to identify a UE in a radio access network. A base station can assign an RNTI to a UE when the UE is in a cell coverage of the base station or when the UE is in communication with the base station. In other words, an RNTI is a cell-specific identity. In some cases, an RNTI is transmitted over the air and can be intercepted by an attacker. For example, an RNTI is assigned to the UE during the random access procedure in which multiple unencrypted messages are exchanged and the RNTI may be intercepted from the unencrypted messages. After an RNTI has been allocated to the UE, the RNTI is transmitted in every physical downlink control channel (PDCCH) from the base station to the UE. Although the RNTI is not transmitted in plain text and is combined (e.g., using an XOR or exclusive or operation) with cyclic redundancy check (CRC) parity bits, in the case that the attacker can assume that the message is received error-free, it may be possible for the attacker to exploit redundancy in the CRC algorithm to recover the RNTI.
A number of security attacks can happen following the interception of the physical layer device identifier. For example, once the RNTI is known, any messages addressed to the specific RNTI in a given cell can be tracked by the attacker. With the RNTI information, a malicious user could track information as to how-long a user stays at a given cell (e.g., causing privacy problems). The attacker may also perform certain denial of service style attacks, e.g., by sending messages scrambled with the intercepted RNTI pretending to be the legitimate UE. Therefore, it is desirable to enhance confidentiality of a physical layer device identifier when the device identifier is transmitted over the air, for example, over a physical layer control channel such as PDCCH.
In wireless communication systems, security can be achieved by using keys or parameters that are shared between the UE and the network to cipher/decipher user plane and/or control plane data. A number of parameters can be input to the encryption algorithm. It is a generally accepted principle that any two messages/data streams are desired to be independently encrypted using different input parameters, to decrease security vulnerabilities for an attacker to decipher these messages/data streams. In other words, it is desired that at least one of the input parameters or the combination of input parameters to the encryption algorithm is different among possible occurrences of encryption. Note that the message/data to be encrypted does not count as a different input parameter even though its content can be different, as redundancy in the message structure or content in the message can be exploited by a deciphering attacker.
In some implementations, a base station can encrypt data of a physical layer control channel using at least one of a control channel type, a radio resource aggregation level of the control channel, a radio resource index of the control channel, or a subcarrier frequency of the control channel. The base station can transmit the encrypted data to a UE that is in a cell of the base station. For example, in LTE, the control channel type can be a downlink control information (DCI) format, the radio resource aggregation level of the control channel can be a control channel element (CCE) aggregation level, and the radio resource index of the control channel can be a CCE index. The base station can further encrypt the data of the control channel using at least one of a current time, a frame number, a subframe number, or a reference parameter generated based on a frame number. The data of the control channel to be encrypted can be at least one of a user identity identifying the UE or a message payload of the control channel. In some cases, the user identity is an RNTI. In some implementations, the base station can scramble the encrypted RNTI with CRC parity bits, where the CRC parity bits are generated based on the message payload of the control channel.
In some implementations, a UE can receive data of a physical layer control channel. The received data can include an encrypted user identity generated by encrypting a user identity identifying the UE using at least one of a control channel type, a radio resource aggregation level of the control channel, a radio resource index of the control channel, or a subcarrier frequency of the control channel. The UE can determine the encrypted user identity. The UE can further determine a message payload of the control channel using the determined encrypted user identity. For example, in LTE, the control channel type can be a downlink control information (DCI) format, the radio resource aggregation level of the control channel can be a control channel element (CCE) aggregation level, and the radio resource index of the control channel can be a CCE index. The user identity can be a radio network temporary identifier (RNTI). The encrypted user identity can be generated further using at least one of a current time, a frame number, a subframe number, or a reference parameter generated based on a frame number. In some cases, the received data can include the encrypted user identity scrambled with CRC parity bits, and the CRC parity bits are generated based on the message payload of the control channel.
The encryption in wireless systems according to methods and systems described herein enables secure wireless communications between a UE and a base station, and prevents a malicious user from tracking information exchanged between the UE and the base station. As opposed to traditional ciphering of user identities such as international mobile subscriber identity (IMSI) or Temporary Mobile Subscriber Identity (TMSI) on higher layers, the described approach ciphers a user identity at a physical layer such as the cell-specific RNTI, and improves security on the physical layer.
Turning to a general description of the elements, a UE 102 may be referred to but is not limited to as a mobile electronic device, user device, mobile station, subscriber station, portable electronic device, mobile communications device, wireless modem, push-to-talk (PTT) dispatch console, or wireless terminal. Examples of a UE may include but are not limited to a cellular phone, personal data assistant (PDA), smart phone, PTT dispatch console, laptop, tablet personal computer (PC), pager, portable computer, portable gaming device, wearable electronic device, test equipment, gambling machine, car/vehicle, notice board, home appliance or other mobile communications device having components for communicating voice or data via a wireless communication network. The wireless communication network may include a wireless link over at least one of a licensed spectrum and an unlicensed spectrum.
Other examples of a UE include mobile and fixed electronic devices. A UE may include a Mobile Equipment (ME) device and a removable memory module, such as a Universal Integrated Circuit Card (UICC) that includes a subscriber identity module (SIM), a Universal SIM (USIM), or a Removable User Identity Module (R-UIM). The term “UE” can also refer to any hardware or software component that can terminate a communication session for a user. In addition, the terms “user equipment,” “UE,” “user equipment device,” “user agent,” “UA,” “user device,” and “mobile device” can be used synonymously herein.
The wireless communication network 106 may include one or a plurality of radio access networks (RANs), other access networks such as fixed Ethernet or IEEE 802.11 WLAN, core networks (CNs), and external networks. The RANs may include one or more radio access technologies. In some implementations, the radio access technologies may be but are not limited to GSM, Interim Standard 95 (IS-95), Universal Mobile Telecommunications System (UMTS), CDMA2000 (Code Division Multiple Access), Evolved UMTS, LTE, or LTE-Advanced. In some instances, the core networks may be evolved packet cores (EPCs).
A RAN is part of a wireless telecommunication system which implements a radio access technology, such as UMTS, CDMA2000, 3GPP LTE, and 3GPP LTE-A. In many applications, a RAN includes at least one base station. A base station (e.g., the base station 104) may be a radio base station that may control all or at least some radio-related functions in a fixed part of the system. The base station may provide radio interface within their coverage area or a cell for a UE to communicate. The base station or plurality of base stations may constitute the cellular network to provide a wide area of coverage. The base station directly communicates with one or a plurality of UEs, other base stations, and one or more core network nodes.
While elements of
a) Channel Type
The specific instance parameter 204 can include a parameter indicating a channel type or a channel identity of a physical channel associated with the unciphered stream 202. For example, if the unciphered stream 202 is an RNTI that is to be transmitted on a PDCCH, the specific instance parameter 204 can be a downlink control information (DCI) format of the PDCCH. 3GPP TS 36.213, subclause 5.3.3, defines 20 different DCI formats such as Format 0, 1, 1A, 1B, 1C, 1D, 2, 2A, 2B, 2C, 3, 3A, 4, etc., hence the specific instance parameter 204 can be a 5-bit input parameter to the encryption module 208 to indicate one of the 20 different DCI formats (5 bits can indicate up to 25=32 DCI formats).
b) Channel Radio Resources
Alternatively, or in combination, the specific instance parameter 204 can include a parameter indicating a radio resource aggregation level of a physical channel associated with the unciphered stream 202. For example, if the unciphered stream 202 is an RNTI that is to be transmitted on a PDCCH, the specific instance parameter 204 can be a parameter indicating a control channel element (CCE) aggregation level of the PDCCH, where the CCE aggregation level refers to the number of CCEs of a PDCCH. LTE defines four possible aggregation levels, i.e., 1, 2, 4, or 8 CCEs. Therefore, the specific instance parameter 204 can be a 2-bit input parameter to the encryption module 208 to indicate one of the four different aggregation levels.
Alternatively, or in combination, the specific instance parameter 204 can include a parameter indicating a radio resource index of a physical channel associated with the unciphered stream 202. For example, if the unciphered stream 202 is an RNTI that is to be transmitted on a PDCCH, the specific instance parameter 204 can be a parameter indicating a CCE index of the PDCCH, e.g., an index of the first CCE of the PDCCH. In LTE, a CCE index can take a value up to 84, and the specific instance parameter 204 can be a 7-bit input parameter to the encryption module 208 to indicate one of the 84 possibilities for the CCE index.
Alternatively, or in combination, the specific instance parameter 204 can include a combination of more than one parameter, e.g., a combination of channel type, CCE aggregation level, and CCE index. In this case, the specific instance parameter 204 can be a 5+2+7=14-bit input parameter to the encryption module 208 to indicate one of the different possibilities of the 3-tuple parameter including DCI format, CCE aggregation level, and CCE index.
In some wireless communication systems, parameters of channel type and channel radio resources may not be sufficient to provide different parameters for possible encryption occurrences. For example, in LTE, one subframe can include multiple PDCCHs, and a combination of channel type, CCE aggregation level, and CCE index is sufficient to provide different encryption parameters for different PDCCHs within a subframe. However, this combination is not sufficient to provide different parameters for PDCCHs in different subframes, for example, two PDCCHs in two subframes can have the same DCI format, CCE aggregation level, and CCE index. To solve this issue, the specific instance parameter 204 can further include the following parameters.
c) Frame Number
Alternatively, or in combination, the specific instance parameter 204 can include a time-based parameter, e.g., a frame number, subframe number, or a reference parameter based on the frame number and/or subframe number, so that the specific instance parameter 204 can be different for different frames/subframes. For example, in LTE, a frame lasts 10 ms and the coding of a frame number uses 10 bits (i.e., the maximum value of the frame number is 210=1024), therefore a frame number repeats itself every 10 ms×210=10.24 seconds. To increase the time duration before which there are possibilities that the combination parameter of frame/subframe number, DCI format, CCE aggregation level, and CCE index repeats itself, it is possible to add other input parameters as additional most significant bits (MSBs) to the frame number.
For example, a reference parameter based on the frame number can extend the frame number with additional bits, for example with additional MSBs. The reference parameter can be used by both the network and the device in conjunction with the frame number. For example, the reference parameter can increase by one after the frame number has reached its maximum value (e.g., 1024 for LTE). The reference parameter is reset to zero after that it has reached a maximum value of the reference parameter. The maximum value of the reference parameter can be specified in the standards (for example, the reference parameter can have 16 bits and the maximum value is 216=65,536), or taken from a parameter in a Master Information Block (MIB) or System Information Broadcast (SIB). Similarly, the initial value of the reference parameter can be specified in the standards (for example, it can be all “0” bits value, or any other value), or taken from a parameter in the MIB or SIB.
In some implementations, the reference parameter can be initially set as the value of the RNTI or other values. The reference parameter can be coded with 16 bits (the same number of bits as the number of bits for the RNTI), and the combination of the frame/subframe number and the reference parameter can repeat itself every 10.24 secs×216=7.77 days. In other words, if the specific instance parameter 204 includes a combination of the frame number and the reference parameter, the specific instance parameter 204 will not repeat itself for 7.77 days. Since it is unlikely that an LTE RRC connection would last as long as 7.77 days, this provides enough robustness to ensure that the input parameter combination would not repeat itself.
In some other implementations, the number of bits of the reference parameter can be increased to, e.g. 20 bits, which would ensure that the input parameter combination is not repeated before 10.24 secs×220=4.14 months. One way to enable the 20-bit reference parameter is to use the 16-bit RNTI as an initial value, together with four appended pre-set bits (for example, all four bits can be initially set to 0). With the 20-bit reference number, multiple control channels can be transmitted in any subframe without the risk of repeating the instance parameter 204 for at least a period of 4.14 months.
d) Current Time:
Alternatively, or in combination, the specific instance parameter 204 can include a current time. In some cases, a common timing reference between the device and the network can be used.
e) Frequency:
Alternatively, or in combination, the specific instance parameter 204 can include a parameter indicating a subcarrier frequency of the radio resource used by the physical channel such as PDCCH. In case of carrier aggregation, the specific instance parameter 204 can also include a parameter indicating a frequency of a component carrier on which the physical channel is sent.
One or more of the specific instance parameters 204 described above can be input to the encryption module 208. In some implementations, these specific instance parameters can be used in addition to the parameters already used in the system, e.g., a cipher key such as a symmetric key Kasme or KeNB of LTE as defined in 3GPP TS 33.401. The specific instance parameters 204 to the encryption module 208 can apply in different ways, for example, applying in parallel into the encryption algorithm, or concatenating more than one parameter and inputting them altogether into the encryption algorithm. In
As shown in
When the UE receives the physical layer control channel data, the UE separates the encrypted control message and the scrambled CRC (i.e., CRC XOR eRNTI) based on, for example, a predefined number of bits for CRC. The UE can determine its eRNTI by performing the same encryption as the base station. Assuming no transmission error occurs during transmission of the control channel data, the UE can compute CRC parity bits based on the encrypted control message and XOR the computed CRC with the scrambled CRC. If the result from the XOR operation matches the UE's eRNTI, then the control channel is intended for the UE and the UE decodes the control message. Otherwise the control channel is not intended for the UE and the UE ignores the control message. Alternatively, the UE can XOR its eRNTI with the scrambled CRC. If the result from the XOR operation matches the CRC computed based on the encrypted control message, then the UE proceeds to decode the control message as it is intended for the UE. Otherwise, the UE ignores the control message. The UE can decrypt the encrypted control message using the same encryption parameters the base station used. Note that the error control code redundancy (e.g., redundancy in CRC) cannot be used by a malicious attacker as it will not be able to retrieve a transmitted RNTI. From the attacker's perspective without knowledge of the RNTI there is no redundancy in the CRC codeword which can be used in an attack. In other words, the redundancy in the error control codeword has been removed from the point of view of an outside attacked by adding in the RNTI.
In some cases, the eRNTIs are made of 16 bits, and any two eRNTI instances have a probability of ½16 of being the same. Similar to what occurs in LTE Rel-8, there will be instances where a UE decodes a control message not intended for it. In LTE Rel-8 this occurs in several scenarios:
Inputs to generate the encryption sequence e0, e1, . . . , e15 that will be used to encrypt the RNTI are:
The subframe number consists of 4 bits indicating subframe 0, . . . , 9.
The frame number is the SFN (system frame number) consisting of 10 bits.
16 bits are outputted from the cipher to produce e0, e1, . . . , e15.
3GPP TS 36.212 can include the following description for CRC generation:
Error detection is provided on DCI transmissions through a Cyclic Redundancy Check (CRC).
The entire payload is used to calculate the CRC parity bits. Denote the bits of the payload by a0, a1, a2, a3, . . . , aA−1 and the parity bits by p0, p1, p2, p3, . . . pL−1. A is the payload size and L is the number of parity bits.
The parity bits are computed and attached according to section 5.1.1 setting L to 16 bits, resulting in the sequence b0, b1, b2, b3, . . . , bB−1, where B=A+L.
In the case where closed-loop UE transmit antenna selection is not configured or applicable, after attachment, the RNTI xrnti,0, xrnti,1, . . . , xrnti,15 is scrambled with the encryption sequence e0, e1, . . . , e15 to produce the encrypted RNTI (eRNTI) xernti,0, xernti,1, . . . , xernti,15.
xernti,k=(xrnti,k+ek)mod 2 for k=0, 1, . . . , 15.
In the case where closed-loop UE transmit antenna selection is not configured or applicable, after attachment, the CRC parity bits are scrambled with the corresponding eRNTI xernti,0, xernti,1, . . . , xernti,15, where xernti,0 corresponds to the MSB of the eRNTI, to form the sequence of bits c0, c1, c2, c3, . . . , cB−1. The relation between ck and bk is:
In the case where closed-loop UE transmit antenna selection is configured and applicable, after attachment, the CRC parity bits with DCI format 0 are scrambled with the antenna selection mask xAS,0, xAS,1, . . . , xAS,15 as indicated in Table 5.3.3.2-1 and the corresponding eRNTI xernti,0, xernti,1, . . . , xernti,15 to form the sequence of bits c0, c1, c2, c3, . . . cB−1. The relation between ck and bk is:
The wireless communication subsystem 806 may be configured to provide wireless communications for data information or control information provided by the processing unit 802. The wireless communication subsystem 806 can include, for example, one or more antennas, a receiver, a transmitter, a local oscillator, a mixer, and a digital signal processing (DSP) unit. In some implementations, the subsystem 806 can support multiple input multiple output (MIMO) transmissions. In some implementations, the receivers in the wireless communication subsystems 806 can be an advance receiver or a baseline receiver. Two receivers can be implemented with identical, similar, or different receiver processing algorithms.
The user interface 808 can include, for example, one or more of a screen or touch screen (for example, a liquid crystal display (LCD), a light emitting display (LED), an organic light emitting display (OLED), a microelectromechanical system (MEMS) display), a keyboard or keypad, a trackball, a speaker, and a microphone. The I/O interface 810 can include, for example, a universal serial bus (USB) interface. A skilled artisan will readily appreciate that various other components can also be included in the example UE device 800.
While operations are depicted in the drawings in a particular order, this should not be understood as requiring that such operations be performed in the particular order shown or in sequential order, or that all illustrated operations be performed, to achieve desirable results. In certain circumstances, multitasking and parallel processing may be employed. Moreover, the separation of various system components in the implementation descried above should not be understood as requiring such separation in all implementations, and it should be understood that the described program components and systems can generally be integrated together in a signal software product or packaged into multiple software products.
Also, techniques, systems, subsystems, and methods described and illustrated in the various implementations as discrete or separate may be combined or integrated with other systems, modules, techniques, or methods. Other items shown or discussed as coupled or directly coupled or communicating with each other may be indirectly coupled or communicating through some interface, device, or intermediate component, whether electrically, mechanically, or otherwise. Other examples of changes, substitutions, and alterations are ascertainable by one skilled in the art and may be made.
While the above detailed description has shown, described, and pointed out the fundamental novel features of the disclosure as applied to various implementations, it will be understood that various omissions, substitutions, and changes in the form and details of the system illustrated may be made by those skilled in the art. In addition, the order of method steps are not implied by the order they appear in the claims.
Arzelier, Claude Jean-Frederic, Buckley, Michael Eoin, Chen, Shu-Lin
Patent | Priority | Assignee | Title |
10834063, | Jul 06 2017 | AT&T Intellectual Property I, L.P. | Facilitating provisioning of an out-of-band pseudonym over a secure communication channel |
Patent | Priority | Assignee | Title |
8855303, | Dec 05 2012 | The Boeing Company | Cryptography using a symmetric frequency-based encryption algorithm |
9603136, | May 26 2010 | Industrial Technology Research Institute | Control channel allocation method, control channel searching method and communication apparatus using the same |
9635659, | Jan 03 2013 | Qualcomm Incorporated | ENB PDCCH implementation to avoid ambiguous DCI information |
9839018, | Jul 03 2013 | FUTUREWEI TECHNOLOGIES, INC | Systems and methods for transmitting data information messages on a downlink of a wireless communication system |
9960911, | Sep 11 2015 | SIGNALCHIP INNOVATIONS PRIVATE LIMITED | System and method for securing wireless communication through physical layer control and data channel |
20150036625, | |||
20170279778, | |||
20170289108, | |||
20180026740, | |||
20180227942, | |||
EP1992189, | |||
WO2007095471, | |||
WO2018004631, |
Executed on | Assignor | Assignee | Conveyance | Frame | Reel | Doc |
Jan 06 2017 | BlackBerry Limited | (assignment on the face of the patent) | / | |||
Jan 23 2017 | CHEN, SHU-LIN | BlackBerry Limited | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 041264 | /0209 | |
Feb 07 2017 | ARZELIER, CLAUDE JEAN-FREDERIC | BLACKBERRY FRANCE S A S | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 041264 | /0339 | |
Feb 13 2017 | BUCKLEY, MICHAEL EOIN | BlackBerry Corporation | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 041264 | /0429 | |
Feb 14 2017 | BLACKBERRY UK LIMITED | BlackBerry Limited | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 041379 | /0086 | |
Feb 14 2017 | BLACKBERRY FRANCE S A S | BLACKBERRY UK LIMITED | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 041379 | /0071 | |
Feb 14 2017 | BlackBerry Corporation | BlackBerry Limited | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 041379 | /0051 | |
Mar 20 2023 | BlackBerry Limited | OT PATENT ESCROW, LLC | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 063471 | /0474 | |
Mar 20 2023 | BlackBerry Limited | OT PATENT ESCROW, LLC | CORRECTIVE ASSIGNMENT TO CORRECT THE COVER SHEET AT PAGE 50 TO REMOVE 12817157 PREVIOUSLY RECORDED ON REEL 063471 FRAME 0474 ASSIGNOR S HEREBY CONFIRMS THE ASSIGNMENT | 064806 | /0669 | |
May 11 2023 | OT PATENT ESCROW, LLC | Malikie Innovations Limited | NUNC PRO TUNC ASSIGNMENT SEE DOCUMENT FOR DETAILS | 064015 | /0001 | |
May 11 2023 | OT PATENT ESCROW, LLC | Malikie Innovations Limited | CORRECTIVE ASSIGNMENT TO CORRECT 12817157 APPLICATION NUMBER PREVIOUSLY RECORDED AT REEL: 064015 FRAME: 0001 ASSIGNOR S HEREBY CONFIRMS THE ASSIGNMENT | 064807 | /0001 | |
May 11 2023 | BlackBerry Limited | Malikie Innovations Limited | NUNC PRO TUNC ASSIGNMENT SEE DOCUMENT FOR DETAILS | 064066 | /0001 |
Date | Maintenance Fee Events |
Jan 23 2023 | M1551: Payment of Maintenance Fee, 4th Year, Large Entity. |
Date | Maintenance Schedule |
Jul 23 2022 | 4 years fee payment window open |
Jan 23 2023 | 6 months grace period start (w surcharge) |
Jul 23 2023 | patent expiry (for year 4) |
Jul 23 2025 | 2 years to revive unintentionally abandoned end. (for year 4) |
Jul 23 2026 | 8 years fee payment window open |
Jan 23 2027 | 6 months grace period start (w surcharge) |
Jul 23 2027 | patent expiry (for year 8) |
Jul 23 2029 | 2 years to revive unintentionally abandoned end. (for year 8) |
Jul 23 2030 | 12 years fee payment window open |
Jan 23 2031 | 6 months grace period start (w surcharge) |
Jul 23 2031 | patent expiry (for year 12) |
Jul 23 2033 | 2 years to revive unintentionally abandoned end. (for year 12) |